Installing NetWare Directory Services

Setting up and administering NetWare Directory Services TRADEMARK

requires planning and record keeping. Use the UnixWare online documentation for guidelines and suggestions on planning your Directory tree. Make a thorough record of your Directory tree installation, as this can be invaluable when recovering from a system crash.

If you have installed UnixWare and then NetWare Services^® you are now ready to plan your NetWare Directory Services tree.

Beginning the installation

NOTE: You must have system administrator privileges to use the Application Installer.

If you selected ``No'' in response to the option ``Start NetWare at Boot Time'' on the ``Server Parameters'' menu (Step 7 in ``Configuring the server''), you must start the server before attempting to install NetWare Directory Services. Refer to ``Starting the server''.

Complete the following steps to install NDS:

In either text or graphics mode, start up the Directory Services Install application using one of the following methods:
- Enter the command scoadmin. When the scoadmin window appears, select ``NetWare'' then select ``Directory Services Install''.
- At the command line, enter the following:
  
  scoadmin directory services install
  See the note on the case of characters in scoadmin command lines in ``Viewing system messages during installation''.
Select ``Install Directory Services onto this Server''.
Based on how your network is configured one of the following appears. Go to the topic indicated.
- If the prompt ``Is this the first NetWare 4 server?'' appears, go to ``A nonlocatable Directory tree, or the first server''.
- If a menu that begins with the option ``Install into tree TREENAME'' appears, go to ``A single Directory tree is found''.
- If a list entitled, ''Existing Directory Trees'' appears, go to ``Multiple directory trees are found''.

A nonlocatable Directory tree, or the first server

The following prompt appears if there is no previously installed NetWare server, or the server you are installing cannot see the previously installed NetWare server(s):

Is this the first NetWare 4 server?

Complete the steps in the appropriate topic:

The server cannot locate a Directory tree that was installed previously

From the ``Is This the First NetWare 4 Server?'' prompt, choose ``No, Connect to Existing NetWare 4 Network''.
A menu appears.
- If you have verified that an existing NetWare 4 server is up and physically connected to this server, and that both servers are bound to IPX with the proper LAN driver, frame type, and IPX external network number, choose the ``Recheck for NetWare 4 Network'' option.
  If a single Directory tree is located, go to ``A single Directory tree is found''.
  If multiple Directory trees are located, go to ``Multiple directory trees are found''.
- If your network has SAP filtering and you know the IPX internal network number of an existing NetWare 4 server, choose ``Specify Address of NetWare 4 Server''.
  Enter the name of the Directory tree. Enter the IPX internal network number of an existing NetWare 4 server in the Directory tree.
  If a single Directory tree is located, go to ``A single Directory tree is found''.
  If multiple Directory trees are located, go to ``Multiple directory trees are found''.

This is the first NetWare 4 server

Choose ``Yes, This Is the First NetWare 4 Server''.
A screen appears, ready for you to name your new Directory tree.
For help on rules for naming a Directory tree, press <F1>.
Specify the Directory tree name.
Each Directory tree must have a name that is unique across the internetwork. (Most organizations have only one Directory tree.)
The tree name enables clients to
- Access data on multiple servers in a Directory tree without logging in to each server.
- Log in to different Directory trees by specifying the tree name.
  NOTE: Each Directory tree has its own database of objects that is not visible from another tree. Be aware of this limitation before creating multiple Directory trees.
Set up time synchronization.
Time synchronization is important to NDS, because it
- Monitors and adjusts a NetWare server's internal time to ensure consistency of reported time across the network.
- Indicates when a server's time is synchronized with the rest of the network.
- Provides timestamps to establish the order of events in the Directory.
  WARNING: Setting up time synchronization incorrectly can cause network synchronization problems within the Directory database.
For more information on time synchronization, see your UnixWare online documentation.
To enable time synchronization, you need to specify what type of time server category this server falls into.
- At the ``Time Configuration Parameters'' screen, verify or specify time synchronization parameters. There are four time server types:
  - Single Reference
  - Reference
  - Primary
  - Secondary
  The default sets the first NetWare Services server in a Directory tree as a Single Reference server. All other servers default as Secondary servers.
  NOTE: Do not change the time server defaults without a clear understanding of time server types. Press <F1> for help.
  A screen appears. The cursor will be in the ``Time server type'' field.
- (Conditional) If you want to choose a different time server type, highlight the ``Time Server Type'' field.
  A screen appears, prompting you to specify the server's NDS context.
Specify the server's context (name context).
The server context, or name context, specifies where the server is located in the hierarchical Directory tree. The context is composed of
- A company or organization name (example: O=Your Company).
- Optional names of organizational units and subunits, such as divisions or departments (example: OU=Sales).
- An optional country code (example: C=US).
  NOTE: For recommendations on how to lay out your Directory tree, see your UnixWare online documentation.
For example, if your NetWare server were located in the ``Sales_LA'' group of the Sales department of a company called Acme, the server's context would be OU=Sales_LA.OU=Sales.OU=Acme.
NOTE: The [Root] object is created automatically during NDS installation.
For information on context and naming conventions, see your UnixWare online documentation.
- In the ``Company or Organization'' field, enter your company or organization name.
  Only valid characters (letters A through Z or a through z, numbers 0 through 9, hyphen, underscore) can be used.
- (Optional) In the ``Level 1 (Sub)Organizational Unit'' field, enter an Organizational Unit name (such as a division or a department).
  Use this name to further specify your Directory tree. This could be a division name, a locality name, a department name, or anything that reflects your organization's structure.
  Notice that the information in the ``Server Context'' field is updated every time you enter a new name.
- (Optional) In the ``Level 2 (Sub)Organizational Unit'' field, enter an additional Organizational Unit name.
- (Optional) In the ``Level 3 (Sub)Organizational Unit'' field, enter an additional Organizational Unit name.
  You can manually enter more than three levels of Organizational Units into the ``Server Context'' field. Make sure you enter a period (.) as a delimiter between the name entries.
  NOTE: For more information, see your UnixWare online documentation.
The default common name (CN) for the administrator of the first NetWare Services server in a Directory tree is ADMIN. The installation program creates this User object ADMIN directly under the Organization (O=) level.
The administrator can
- Manage this Server object.
- Manage User objects in this container.
- Manage the Directory tree (applies only to ADMIN created on the first NetWare Services server).
You can change the name of user ADMIN using the NETADMIN (or NetWare Administrator) utility after the server is installed and you have set up a workstation.
Type the administrator's password.
- At the prompt, reenter the password.
- (Optionally) Make a record of the password.
To save Directory information, press <F10>.
A message appears indicating that NetWare Directory Services is being installed.
Review ``How does the Directory tree appear now?'' and ``What trustee assignments were created during the installation?''.

A single Directory tree is found

If, after scanning the network, a single Directory tree is found, the tree name is displayed along with a menu.

Choose an option from the menu:

If you want to install into the displayed Directory tree, refer to ``Install into the displayed Directory tree''.
If you want to install into a Directory tree that is not displayed, see ``The server cannot locate a Directory tree that was installed previously''.
If you want to create a new Directory tree, choose ``Select Another Tree''. Then press <Ins>. At the confirmation prompt, press <Enter>. Follow the procedures under ``This is the first NetWare 4 server''.

Install into the displayed Directory tree

To install the new NetWare Services server into the Directory tree displayed in the menu, continue with the procedures that follow.

NOTE: Depending on its structure, the displayed Directory tree can be either a simple tree (only one level) or a custom tree (multilevel).

Choose ``Install into Tree tree name''.
Set up time synchronization by completing Step 3 in ``This is the first NetWare 4 server'', then return here.
After you set up time synchronization, either a password prompt or a login authentication and password prompt appears.
- If a simple prompt reading ``Admin Password'' appears, enter the administrator password.
- If this simple prompt appears and you want to customize the Directory tree, press <F4>. If prompted, enter the administrator name. Enter the administrator password. Carry out Steps 4 and 5 in ``This is the first NetWare 4 server''.
- If a screen entitled ``Directory Services Login/Authentication'' appears, enter the administrator name (if prompted to do so). Enter the administrator password. Carry out Steps 4 and 5 in ``This is the first NetWare 4 server''.

Multiple directory trees are found

If multiple Directory trees are found, the ``Existing Directory Trees'' menu appears.

Choose the Directory tree into which you want to install this server.
A list of all Directory trees that are visible from this server appears. Most organizations have only one Directory tree.
NOTE: Make sure you choose the correct Directory tree name. If your organization has more than one tree, attaching to the wrong tree or creating a new Directory tree will prevent this server from sharing data within the desired Directory database.
Choosing an existing tree makes this new server part of that tree's NetWare Directory database.
- (Conditional) If the Directory tree you want is not displayed, verify that an existing NetWare Services server in that tree is up and physically connected to this server, and that both servers are bound to IPX with the proper LAN driver, frame type, and IPX external network number. Then press <F4> to rebuild the list.
- (Conditional) If your network has SAP filtering and you know the IPX internal network number of an existing NetWare 4 server, press <F3> and enter the name of the Directory tree. Then, enter the IPX internal network number of an existing NetWare 4 server in the Directory tree.
- (Conditional) If you need to create a new Directory tree on the network, press <Ins>. At the confirmation prompt, press <Enter>. Then follow the procedure given in ``This is the first NetWare 4 server''.
Specify time synchronization parameters.
The time configuration defaults for all servers except the first NetWare Services server appear.
- (Conditional) If you chose a simple Directory tree (only one level), a simple ``Admin Password'' prompt appears.
  If you want to install this server into the simple Directory tree, enter the administrator password.
  If you want to customize the simple Directory tree to create multiple levels, press <F4>. If necessary, enter the administrator name. Type the administrator password. Carry out Step 4 in ``This is the first NetWare 4 server'' to set up the server's context.
- In the ``Verify/Enter Time Configuration Information for this Server'' screen, verify or specify time synchronization parameters.
  Refer to your UnixWare online documentation for information on how to plan for time synchronization.
  See Step 3 in ``This is the first NetWare 4 server'' for instructions on how to configure time parameters, then return here.
- Press <F10> to save and continue.
  After you have finished setting up time synchronization, you are prompted to specify a Directory administrator login name and password.
(Conditional) If the administrator's name is not displayed, enter the administrator's name.
Enter the complete name of the administrator. This could be
- your login name
- the name of any User object with the Supervisor object right to this context
- user object ADMIN
  For example, enter
  
  CN=ADMIN.O=Your Company
  Or, if you specified a country, enter
  
  CN=ADMIN.O=Your Company.C=US
  
  NOTE: For more information about complete context names, refer to your UnixWare online documentation.
When the first NetWare Services server is installed, the administrator's default name is ADMIN, but this name could have been changed after the first NetWare Services server was installed.
There also could be more than one administrator in your Directory tree.
NOTE: Without supplying the correct name, you cannot install this server as part of the Directory tree.
Enter the administrator's password.
This password authenticates the administrator (the user installing the server) to the Directory. The server context screen appears.
Choose an existing NetWare context or specify a new one.
If you want to place this new server into a context that has been previously defined, press <Enter> at each organizational level to view existing container objects and choose the object you need.
If you want to define a new context for this server, enter one or more new Organizations (O=) or Organizational Units (OU=). See the examples that follow.
You can either place this new server into a previously defined context or you can specify a new context. By defining a context that does not exist yet, you ``create'' the context; that is, you create a new branch in the Directory tree.
Assume the context of the only existing NetWare 4.1 server is

OU=NEW_PRODUCTS.OU=MARKETING.O= YOUR COMPANY
If you specify the new server's context as

OU=SALES.O= YOUR COMPANY
the Directory tree will have a new ``branch'' (Sales). After server installation, you can view your Directory tree using the NETADMIN or NetWare Administrator utility.
NOTE: By default, the installation utility adds a replica (duplicate) of the partition that contains the server's context only if the total number of existing replicas is less than three.
You can modify partitions with the PARTMGR or NetWare Administrator utility, after server and workstation installations are complete.
For more information on Directory partitions, see your UnixWare online documentation.
To save the Directory information, press <F10>.
A confirmation box appears.
Press <Enter> to select Yes.
Review ``How does the Directory tree appear now?'' and ``What trustee assignments were created during the installation?''.

How does the Directory tree appear now?

The following objects were created in the Directory tree:

server object
volume objects (servername_SYS: and other volumes you specified)
user object ADMIN (the administrator who has Supervisor object rights to this context); the installation utility places this object directly under the Organization level
user object Supervisor (for bindery services purposes only); this object can be recognized only from pre-NetWare 4.1 utilities (user object Supervisor takes on User object ADMIN's password)
NOTE: User object ADMIN is created only once, and only on the first server in the Directory tree.

These objects are placed in the same context you defined for your server.

What trustee assignments were created during the installation?

The following assignments were created:

User object ADMIN has the Supervisor object right to the [Root] object. By inheritance, ADMIN also has the Supervisor right to all Volume objects in the Directory.
[Public] has the Browse right to the [Root] object.
[Public] is equal to the group EVERYONE in the NetWare 3 environment.
Any container object has Read and File Scan rights to the PUBLIC directories of all system volumes in that container.
The [Root] object (or security equivalent) of a tree has the Browse right to all User objects in that tree. This can be blocked by an Inherited Rights Filter or removed from a container's trustee list (ACL).
The [Root] object has the Read right to the member property of any Group object.
The [Root] object has the Read right to the following properties of any Volume object: host server name (the server that the physical volume resides on) and host resource (the physical volume).
All User objects have the Read right to their own properties and to the properties of any profile they belong to. User objects also have Read and Write rights to their user login script.

For more information, see your UnixWare online documentation.

Exiting the Directory Services installation utility

The installation of the NetWare Directory Services is now complete.

To exit the Directory Services installation utility, select ``Exit'' from the Directory Services option menu.

If you want to go on to install NetWare clients, see ``Using NetWare Services applications'' and ``Installing NetWare clients'', and if you want to configure printers, refer to your UnixWare online documentation.

Removing NetWare Directory Services

Before removing NetWare Services, you must first remove NetWare Directory Services. For information on removing NetWare Directory Services, refer to your UnixWare online documentation.

Removing NetWare Services

NOTE: You must have system administrator privileges to use the Application Installer.

Using the Application Installer

To remove NetWare Services using the Application Installer, do the following:

In graphics mode, start up the Application Installer using one of the following methods:
- Enter the command scoadmin. When the scoadmin window appears, select ``Software Management'' then select ``Application Installer''.
- At the command line, enter the following:
  
  scoadmin application installer
  See the note on the case of characters in scoadmin command lines in ``Viewing system messages during installation''.
Select ``nws'' and click on Remove.
You are prompted to confirm your request to remove NetWare Services.

Using the command line

To remove NetWare Services from the command line, open a Terminal window and enter

pkgrm nws

Screen messages indicate when the package has been removed successfully.